package com.zenithmind.user.config;

import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;

import java.util.ArrayList;
import java.util.List;

/**
 * 安全配置属性类
 * 遵循单一职责原则：专门负责安全配置属性的管理
 * 遵循开闭原则：通过配置文件支持不同环境的配置
 */
@Data
@Component
@ConfigurationProperties(prefix = "zenithmind.security")
public class SecurityProperties {
    
    /**
     * 是否启用安全配置
     */
    private boolean enabled = true;
    
    /**
     * 是否启用严格模式
     */
    private boolean strictMode = true;
    
    /**
     * JWT配置
     */
    private JwtConfig jwt = new JwtConfig();
    
    /**
     * 路径配置
     */
    private PathConfig paths = new PathConfig();
    
    /**
     * 认证配置
     */
    private AuthConfig auth = new AuthConfig();
    
    @Data
    public static class JwtConfig {
        /**
         * 访问令牌过期时间（秒）
         */
        private int accessTokenExpiration = 3600; // 1小时
        
        /**
         * 刷新令牌过期时间（秒）
         */
        private int refreshTokenExpiration = 604800; // 7天
        
        /**
         * 令牌签发者
         */
        private String issuer = "http://localhost:8081";
        
        /**
         * 是否允许令牌刷新
         */
        private boolean allowRefresh = true;
        
        /**
         * 令牌前缀
         */
        private String tokenPrefix = "Bearer ";
        
        /**
         * 令牌头名称
         */
        private String headerName = "Authorization";
    }
    
    @Data
    public static class PathConfig {
        /**
         * 公开访问路径（不需要认证）
         */
        private List<String> publicPaths = new ArrayList<>(List.of(
            "/api/zenithMind/auth/login",
            "/api/zenithMind/auth/register",
            "/api/zenithMind/auth/simple-login",
            "/api/zenithMind/verification/**",
            "/actuator/health",
            "/actuator/info"
        ));
        
        /**
         * API文档路径
         */
        private List<String> docPaths = new ArrayList<>(List.of(
            "/v3/api-docs/**",
            "/swagger-ui/**",
            "/swagger-ui.html",
            "/doc.html",
            "/webjars/**",
            "/favicon.ico",
            "/knife4j/**",
            "/knife4j-ui/**",
            "/knife4j.html"
        ));
        
        /**
         * 用户角色路径
         */
        private List<String> userPaths = new ArrayList<>(List.of(
            "/api/zenithMind/user/**",
            "/api/zenithMind/profile/**"
        ));
        
        /**
         * 管理员角色路径
         */
        private List<String> adminPaths = new ArrayList<>(List.of(
            "/api/zenithMind/admin/**",
            "/api/zenithMind/manage/**",
            "/api/zenithMind/user-management/**",
            "/api/zenithMind/v1/dashboard/**"
        ));
        
        /**
         * 超级管理员路径
         */
        private List<String> superAdminPaths = new ArrayList<>(List.of(
            "/api/tenant/**",
            "/api/zenithMind/system/**"
        ));
    }
    
    @Data
    public static class AuthConfig {
        /**
         * 是否启用认证
         */
        private boolean enabled = true;
        
        /**
         * 认证失败重试次数
         */
        private int maxRetryAttempts = 3;
        
        /**
         * 账户锁定时间（分钟）
         */
        private int lockoutDuration = 30;
        
        /**
         * 是否启用验证码
         */
        private boolean captchaEnabled = true;
        
        /**
         * 验证码过期时间（分钟）
         */
        private int captchaExpiration = 5;
        
        /**
         * 是否启用记住我功能
         */
        private boolean rememberMeEnabled = true;
        
        /**
         * 记住我过期时间（秒）
         */
        private int rememberMeExpiration = 1209600; // 14天
        
        /**
         * 是否启用单点登录
         */
        private boolean ssoEnabled = false;
        
        /**
         * 最大并发会话数
         */
        private int maxSessions = 1;
        
        /**
         * 会话超时时间（分钟）
         */
        private int sessionTimeout = 30;
    }
    
    /**
     * 获取所有公开路径
     */
    public String[] getAllPublicPaths() {
        List<String> allPaths = new ArrayList<>();
        allPaths.addAll(paths.getPublicPaths());
        allPaths.addAll(paths.getDocPaths());
        return allPaths.toArray(new String[0]);
    }
    
    /**
     * 获取用户路径
     */
    public String[] getUserPaths() {
        return paths.getUserPaths().toArray(new String[0]);
    }
    
    /**
     * 获取管理员路径
     */
    public String[] getAdminPaths() {
        return paths.getAdminPaths().toArray(new String[0]);
    }
    
    /**
     * 获取超级管理员路径
     */
    public String[] getSuperAdminPaths() {
        return paths.getSuperAdminPaths().toArray(new String[0]);
    }
    
    /**
     * 检查路径是否为公开路径
     */
    public boolean isPublicPath(String path) {
        return paths.getPublicPaths().stream().anyMatch(pattern -> 
            path.matches(pattern.replace("**", ".*").replace("*", "[^/]*"))) ||
               paths.getDocPaths().stream().anyMatch(pattern -> 
            path.matches(pattern.replace("**", ".*").replace("*", "[^/]*")));
    }
    
    /**
     * 检查路径是否需要管理员权限
     */
    public boolean isAdminPath(String path) {
        return paths.getAdminPaths().stream().anyMatch(pattern -> 
            path.matches(pattern.replace("**", ".*").replace("*", "[^/]*"))) ||
               paths.getSuperAdminPaths().stream().anyMatch(pattern -> 
            path.matches(pattern.replace("**", ".*").replace("*", "[^/]*")));
    }
}
